English | Deutsch | Español | Português
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
    Search 84716 CVE descriptions
and 45261 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Web application abuses
Title:IMP_MIME_Viewer_html class XSS vulnerabilities
Summary:IMP_MIME_Viewer_html class is vulnerable to XSS attacks
The remote server is running at least one instance of IMP whose version
number is between 3.0 and 3.2.1 inclusive. Such versions are vulnerable
to several cross-scripting attacks whereby an attacker can cause a
victim to unknowingly run arbitrary Javascript code simply by reading an
HTML message from the attacker.

Announcements of the vulnerabilities can be found at :

- http://marc.theaimsgroup.com/?l=imp&m=105940167329471&w=2
- http://marc.theaimsgroup.com/?l=imp&m=105981180431599&w=2
- http://marc.theaimsgroup.com/?l=imp&m=105990362513789&w=2

Note : OpenVAS has determined the vulnerability exists on the target
simply by looking at the version number of IMP installed there. If the
installation has already been patched, consider this a false positive.

Solution : Upgrade to IMP version 3.2.2 or later or apply patches found
in the announcements to imp/lib/MIME/Viewer/html.php.
CopyrightThis script is Copyright (C) 2003-2004 George A. Theall

This is only one of 45261 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
Registered User Login

 Forgot userid or passwd?

Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2015 E-Soft Inc. All rights reserved.